From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: passt.top; dmarc=none (p=none dis=none) header.from=gibson.dropbear.id.au Authentication-Results: passt.top; dkim=pass (2048-bit key; secure) header.d=gibson.dropbear.id.au header.i=@gibson.dropbear.id.au header.a=rsa-sha256 header.s=202502 header.b=SLawfWMn; dkim-atps=neutral Received: from mail.ozlabs.org (gandalf.ozlabs.org [150.107.74.76]) by passt.top (Postfix) with ESMTPS id 1D0B15A0635 for ; Fri, 14 Feb 2025 00:41:07 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gibson.dropbear.id.au; s=202502; t=1739490062; bh=JjDrZkkrgiLI1ezdbGYiQLkTtlIYAG4RskNr29nmrIY=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=SLawfWMnrE4O7J8mA2ptqIX4mO0gLZ/2DHxNRzEvB58eeBSpRaqaqCjLOdOPnqXdD 80S6LYZdt5BiCYFkDnrYeOkVFH4duclHqaDnqbXdoGBUCrgKTXw/yIN1m+cMcDsyf8 wG3IUq6gOgqITKPSijqATWVDVSdh1qiULhOPCMQqlfVq3w1IgBcOMvDINHRaDP/WCe 0t7sX1VJb8t7BrrRhaECmJkpiASsPPXs3o9M3uCOqy6PAe1x1+omEmWjCFPDNJ4zVs x9nQRKb0cOZTsxbsqmPYGsO7sE43rrf413b/ds/DBdIWF7RZta5Xv8bVTPAtCejvhC K7F2ysPfuperA== Received: by gandalf.ozlabs.org (Postfix, from userid 1007) id 4YvBWy0XCkz4x2J; Fri, 14 Feb 2025 10:41:02 +1100 (AEDT) Date: Fri, 14 Feb 2025 10:01:07 +1100 From: David Gibson To: Stefano Brivio Subject: Re: [PATCH] tcp: Keep updating window and checking for socket data after FIN from guest Message-ID: References: <20250213221644.4086036-1-sbrivio@redhat.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="R0LYgVwn8uYUbuBA" Content-Disposition: inline In-Reply-To: <20250213221644.4086036-1-sbrivio@redhat.com> Message-ID-Hash: 6EQ6S4P5REMXRS5AVAGTIO76R3KROVEX X-Message-ID-Hash: 6EQ6S4P5REMXRS5AVAGTIO76R3KROVEX X-MailFrom: dgibson@gandalf.ozlabs.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: passt-dev@passt.top X-Mailman-Version: 3.3.8 Precedence: list List-Id: Development discussion and patches for passt Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: --R0LYgVwn8uYUbuBA Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Feb 13, 2025 at 11:16:44PM +0100, Stefano Brivio wrote: > Once we get a FIN segment from the container/guest, we enter something > resembling CLOSE_WAIT (from the perspective of the peer), but that > doesn't mean that we should stop processing window updates from the > guest and checking for socket data if the guest acknowledges > something. >=20 > If we don't do that, we can very easily run into a situation where we > send a burst of data to the tap, get a zero window update, along with > a FIN segment, because the flow is meant to be unidirectional, and now > the connection will be stuck forever, because we'll ignore updates. >=20 > Reproducer, server: >=20 > $ pasta --config-net -t 9999 -- sh -c 'echo DONE | socat TCP-LISTEN:999= 7,shut-down STDIO' >=20 > and client: >=20 > $ ./test/rampstream send 50000 | socat -u STDIN TCP:$LOCAL_ADDR:9997 > 2025/02/13 09:14:45 socat[2997126] E write(5, 0x55f5dbf47000, 8192): Br= oken pipe >=20 > while at it, update the message string for the third passive close > state (which we see in this case): it's CLOSE_WAIT, not LAST_ACK. >=20 > Signed-off-by: Stefano Brivio Reviewed-by: David Gibson > --- > tcp.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) >=20 > diff --git a/tcp.c b/tcp.c > index a1d6c53..16d01f6 100644 > --- a/tcp.c > +++ b/tcp.c > @@ -338,7 +338,7 @@ static const char *tcp_state_str[] __attribute((__unu= sed__)) =3D { > "SYN_RCVD", /* approximately maps to TAP_SYN_ACK_SENT */ > =20 > /* Passive close: */ > - "CLOSE_WAIT", "CLOSE_WAIT", "LAST_ACK", "LAST_ACK", "LAST_ACK", > + "CLOSE_WAIT", "CLOSE_WAIT", "CLOSE_WAIT", "LAST_ACK", "LAST_ACK", > /* Active close (+5): */ > "CLOSING", "FIN_WAIT_1", "FIN_WAIT_1", "FIN_WAIT_2", "TIME_WAIT", > }; > @@ -1968,6 +1968,8 @@ int tcp_tap_handler(const struct ctx *c, uint8_t pi= f, sa_family_t af, > /* Established connections not accepting data from tap */ > if (conn->events & TAP_FIN_RCVD) { > tcp_update_seqack_from_tap(c, conn, ntohl(th->ack_seq)); > + tcp_tap_window_update(conn, ntohs(th->window)); > + tcp_data_from_sock(c, conn); > =20 > if (conn->events & SOCK_FIN_RCVD && > conn->seq_ack_from_tap =3D=3D conn->seq_to_tap) --=20 David Gibson (he or they) | I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you, not the other way | around. http://www.ozlabs.org/~dgibson --R0LYgVwn8uYUbuBA Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEO+dNsU4E3yXUXRK2zQJF27ox2GcFAmeueZ0ACgkQzQJF27ox 2GcUnA//cyONN0oQyOlR2gQTPEBI3o1wVkKrc3aQ+bqrTyDRJLkPmGtfeDgC4NnA gWMQWRArknqoQ2D1EsURoSgcbSeykBnbNzDRhHZ0WNdVVb2OGv1xHvnjSAJ/lV6r k6eMH7tBBscJFBVChnAbl8/luIc2NT8K2wc7vftiYMTm7VDNCdwX9HBWoIhl30yP W5zy+nSoZdpRMmHUjyEJ1yg3X08L7qJR739l9r5AGust0dK3p7IONky2Eg+ZCyZO vPX1H6KjdmGLSH5LVfer4Ccz6VmrpcMqYmdKslqaQFY0crTdLO7N/fsL8htLfBcb ztMGqYNEL0wkz84Z8e7RxVLZtVr2kxjSBfsAv9+zS2Oyr9NtEUwO/dCgqL7+OpBL fR6r64wkb4VPz3Vpqc/kGL3HEY71X9RxcHmIUQvjZ4qBk29RspUWTXV7rv7aLqs+ S+WI9vfNYZr+dhCjjAxoEunXNhOzzw2TBlnb7EzM148EBgyOMUa9eaNlpHKgxc8E L3Pw4agVJ+tXEi228kN8hD3OtQiuATgKj74vIhOrbscO4h+AHObDhoTT5B6oFMbY QjONdlxS1fv/h9KUFsfP4BGpFbFlxheYyVpoFOT8dqWgbCwLFuJx3qWNbCFbH0zE X9cm0oCOfuwRiPuMGA9iv6l67c+1lWvdUQvfi64cULDq2eFarEA= =6dNk -----END PGP SIGNATURE----- --R0LYgVwn8uYUbuBA--